CN114567698A - Detection method, device, equipment and storage medium for fraud-related numbers - Google Patents

Publication number
CN114567698A
Authority
CN
China
Prior art keywords
fraud
data
numbers
call
determining
Legal status
Pending
Application number
CN202210193508.2A
Other languages
Chinese (zh)
Inventor
张译文
张宁
王方圆
尚程
傅强
梁彧
蔡琳
杨满智
王杰
田野
金红
陈晓光
Current Assignee
Eversec Beijing Technology Co Ltd
Original Assignee
Eversec Beijing Technology Co Ltd
Application filed by Eversec Beijing Technology Co Ltd
Priority to CN202210193508.2A
Publication of CN114567698A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/22 Arrangements for supervision, monitoring or testing
    • H04M3/2281 Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Technology Law (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method, a device, equipment and a storage medium for detecting fraud-related numbers. The method comprises the following steps: receiving call ticket data corresponding to a target service domain, and determining a plurality of numbers to be tested in the call ticket data; determining the fraud-related numbers among the numbers to be tested according to pre-acquired data characteristics corresponding to a plurality of known fraud-related numbers and the data characteristics corresponding to each number to be tested; and outputting the fraud-related numbers to an early-warning platform so that the early-warning platform can issue early warnings for them. The technical scheme of the embodiment of the invention can improve the detection efficiency of fraud-related numbers and ensure the security of the telecommunication process.

Description

Detection method, device, equipment and storage medium for fraud-related numbers
Technical Field
The embodiment of the invention relates to the technical field of communication security, in particular to a method, a device, equipment and a storage medium for detecting a fraud-related number.
Background
With the continuous updating and development of electronic information and network communication technologies, telecommunication technology has brought people convenient new experiences in communication, shopping, social contact, games and the like. However, as telecommunication technology evolves, the methods and means of telecommunication fraud change in step with it. Some operators and smartphones now provide identification and interception functions at the technical level, but these still cannot protect against the more varied methods and new forms of telecommunication fraud.
In the prior art, telecommunication fraud is detected by marking fraudulent telephone numbers in mobile phone applications such as caller display or phone manager applications, so as to remind users. However, these means rely on numbers that have already been marked as fraudulent, so hidden fraud-related numbers cannot be detected effectively.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a device and a storage medium for detecting a fraud-related number, which can improve the detection efficiency of the fraud-related number and ensure the security of a telecommunication communication process.
In a first aspect, an embodiment of the present invention provides a method for detecting a fraud-related number, where the method includes:
receiving ticket data corresponding to a target service domain, and determining a plurality of numbers to be tested in the ticket data;
determining a fraud-related number in a plurality of numbers to be tested according to the pre-acquired data characteristics corresponding to a plurality of known fraud-related numbers and the data characteristics corresponding to each number to be tested;
and outputting the fraud-related number to an early-warning platform so that the early-warning platform can carry out early warning on the fraud-related number.
Optionally, determining a plurality of numbers to be tested in the ticket data includes:
and determining a plurality of numbers to be tested in the call bill data according to the account opening duration corresponding to each telephone number, the associated geographical area and the abnormal call data in the call bill data.
Optionally, determining a plurality of numbers to be tested in the call ticket data according to the account opening duration corresponding to each telephone number in the call ticket data, the associated geographic area, and the call data includes:
judging whether the account opening duration corresponding to each telephone number in the call bill data is within a preset interval, whether a target dangerous area is included in an associated geographical area, and whether abnormal data is included in the call data;
and if so, determining the telephone number as the number to be detected.
Optionally, determining a fraud-related number from the plurality of numbers to be tested according to the pre-obtained data characteristics corresponding to the plurality of known fraud-related numbers and the data characteristics corresponding to each of the numbers to be tested, including:
obtaining a pre-trained fraud-related number detection model, wherein the fraud-related number detection model is obtained by training data characteristics of a plurality of known fraud-related numbers;
and inputting the numbers to be detected and the call bill information corresponding to the numbers to be detected into the fraud-related number detection model, and determining the fraud-related number in a plurality of numbers to be detected by the fraud-related number detection model.
Optionally, before acquiring the pre-trained fraud-related number detection model, the method further includes:
comparing the data characteristics of each known fraud-related number with the data characteristics of a normal number;
screening target data characteristics from the data characteristics of the known fraud-related numbers according to the comparison result; the target data characteristic is used for distinguishing a fraud-related number from a normal number;
and performing iterative training on a preset machine algorithm model by using target data characteristics corresponding to a plurality of known fraud-related numbers to obtain the fraud-related number detection model.
Optionally, the obtaining of the fraud-related number detection model by performing iterative training on a preset machine algorithm model using target data features corresponding to a plurality of known fraud-related numbers includes:
generating a data characteristic set according to target data characteristics corresponding to a plurality of known fraud-related numbers, and dividing the data characteristic set into a training data set and a testing data set;
and performing iterative training on a preset machine algorithm model by sequentially using the training data set and the test data set to obtain the fraud-related number detection model.
In a second aspect, an embodiment of the present invention further provides an apparatus for detecting a fraud-related number, where the apparatus includes:
the data receiving module is used for receiving call ticket data corresponding to a target service domain and determining a plurality of numbers to be detected in the call ticket data;
the number detection module is used for determining a fraud-related number in a plurality of numbers to be detected according to the data characteristics corresponding to a plurality of known fraud-related numbers acquired in advance and the data characteristics corresponding to each number to be detected;
and the number output module is used for outputting the fraud-related number to an early warning platform so that the early warning platform can carry out early warning on the fraud-related number.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor, the computer program being executed by the at least one processor to enable the at least one processor to perform the method for detecting a fraud number provided by any of the embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where computer instructions are stored, and when executed, the computer instructions are configured to enable a processor to implement the method for detecting a fraud-related number provided by any embodiment of the present invention.
In a fifth aspect, an embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, the computer program implements the method for detecting a fraud-related number provided in any embodiment of the present invention.
The technical scheme of the embodiment of the invention receives the call ticket data corresponding to the target service domain, determines a plurality of numbers to be detected in the call ticket data, determines the fraud-related numbers among the numbers to be detected according to the pre-acquired data characteristics corresponding to a plurality of known fraud-related numbers and the data characteristics corresponding to each number to be detected, and outputs the fraud-related numbers to the early-warning platform so that the early-warning platform can issue early warnings for them. By these technical means, fraud-related numbers can be detected accurately and quickly; on the one hand, the service quality and the brand value of an operator can be improved, and on the other hand, the property loss suffered by users in the telecommunication process can be practically reduced.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
FIG. 1 is a flow chart of a method for detecting a fraud-related number according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for detecting a fraud-related number according to the second embodiment of the present invention;
FIG. 3a is a flow chart of a method for detecting a fraud-related number according to a third embodiment of the present invention;
FIG. 3b is a violin diagram of data characteristics provided according to a third embodiment of the present invention;
FIG. 3c is a violin diagram of data characteristics provided according to a third embodiment of the present invention;
FIG. 3d is a violin diagram of data characteristics provided according to a third embodiment of the present invention;
FIG. 3e is a correlation distribution diagram of a data feature according to the third embodiment of the present invention;
FIG. 3f is a correlation distribution diagram of a data feature according to a third embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a device for detecting a fraud-related number according to a fourth embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device implementing a method for detecting a fraud number according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a method for detecting a fraud-related number according to an embodiment of the present invention. This embodiment is applicable to a situation where a fraud-related phone number is identified among a plurality of phone numbers. The method can be executed by a device for detecting a fraud-related number; the device can be implemented by software and/or hardware, and can generally be integrated in a terminal or a server having a data processing function. The method specifically includes the following steps:
Step 110, receiving call ticket data corresponding to the target service domain, and determining a plurality of numbers to be tested in the call ticket data.
In this embodiment, the call ticket data corresponding to each data domain of the operator may be received. The call ticket data may include communication record information of multiple telephone numbers, such as serial number, user identifier, calling number, called number, start time, end time, call duration, call property, and cost. The data domain may include a B domain (service domain), an O domain (operation domain), and the like.
After the call ticket data corresponding to the target service domain is received, a plurality of numbers to be tested can be determined in the call ticket data according to the communication record corresponding to each telephone number.
In a specific embodiment, a telephone number can be used as a number to be tested if the communication record of the telephone number relates to a wide area, or the prefix of the telephone number includes a suspected fraud indicator (e.g., beginning with 02 or 03). The advantage of this is that some normal telephone numbers can be preliminarily excluded from the call ticket data, which improves the detection efficiency of fraud-related numbers.
Step 120, determining a fraud-related number among the plurality of numbers to be tested according to the pre-obtained data characteristics corresponding to the plurality of known fraud-related numbers and the data characteristics corresponding to each of the numbers to be tested.
In this embodiment, before the call ticket data corresponding to the target service domain is received, a plurality of known fraud-related numbers are obtained in advance, and the data characteristics corresponding to the known fraud-related numbers are extracted from the historical call ticket data. The data characteristics may include a number characteristic of a telephone number and a communication characteristic.
In this step, optionally, the similarity between the data characteristics of the fraud-related number and the data characteristics of the number to be detected may be calculated, and if the similarity is higher, the number to be detected may be determined as the fraud-related number; otherwise, if the similarity is low, the number to be detected can be determined as a normal number.
In a specific embodiment, the communication feature may be a communication record related to a phone number, such as the number of home locations of the calling opposite terminal for a plurality of consecutive days, the number of calling opposite terminals for the current day, the calling conversation duration for the current day, and the like.
Step 130, outputting the fraud-related number to an early-warning platform so that the early-warning platform can give an early warning to the fraud-related number.
In this embodiment, the early-warning platform can, according to the fraud-related number, warn the person corresponding to that number by a door-to-door visit, telephone, short message, mail, and the like. The advantage of this arrangement is that the fraud-related number can be prevented from being used to carry out telecommunication fraud, which improves the security of the telecommunication process.
The technical scheme of the embodiment of the invention receives the call ticket data corresponding to the target service domain, determines a plurality of numbers to be detected in the call ticket data, determines the fraud-related numbers among the numbers to be detected according to the pre-acquired data characteristics corresponding to a plurality of known fraud-related numbers and the data characteristics corresponding to each number to be detected, and outputs the fraud-related numbers to the early-warning platform so that the early-warning platform can issue early warnings for them. By these technical means, fraud-related numbers can be detected accurately and quickly; on the one hand, the service quality and the brand value of an operator can be improved, and on the other hand, the property loss suffered by users in the telecommunication process can be practically reduced.
Example two
This embodiment is a further refinement of the above embodiment; terms that are the same as or correspond to those of the above embodiment are not explained again here. Fig. 2 is a flowchart of a method for detecting a fraud-related number provided in the second embodiment. The technical solution of the second embodiment may be combined with one or more methods in the solutions of the foregoing embodiments. As shown in fig. 2, the method provided in the second embodiment may further include:
Step 210, receiving the call ticket data corresponding to the target service domain.
Step 220, determining a plurality of numbers to be tested in the call bill data according to the account opening duration corresponding to each telephone number in the call bill data, the associated geographical area and the abnormal call data.
In a specific embodiment, before the call ticket data is received, the account opening durations of a large number of known fraud-related numbers can be obtained in advance. Since the account opening durations of known fraud-related numbers usually fall within a stable interval (e.g., 3 months to 1 year), it can be determined whether the account opening duration corresponding to a telephone number is within the interval, and if so, the telephone number is determined as a number to be detected.
In another specific embodiment, after receiving the ticket data, a geographic area associated with each telephone number can be obtained, and if the geographic area includes a preset target dangerous area, the telephone number is determined as a number to be detected. The geographic area associated with the phone number may be a home location corresponding to the phone number, or a roaming city. The target danger zone may be set according to a geographic area associated with a large number of known fraud-related numbers.
In another specific embodiment, after the call ticket data is received, the communication data corresponding to each phone number can be obtained, the value of each item of communication data is compared with a preset threshold value, and the abnormal call data corresponding to the phone number is determined according to the comparison result. Specifically, assuming that the number of home locations (attributions) of the calling opposite terminals of a certain telephone number over 8 consecutive days is 20, and the preset number is 8, this number of home locations can be treated as abnormal call data. Optionally, if abnormal call data exists for a certain telephone number, the telephone number may be determined as a number to be tested.
In one embodiment of the present invention, determining a plurality of numbers to be tested in the call ticket data according to the account opening duration corresponding to each phone number in the call ticket data, the associated geographic area, and the call data includes: judging whether the account opening duration corresponding to each telephone number in the call bill data is within a preset interval, whether a target dangerous area is included in an associated geographical area, and whether abnormal data is included in the call data; and if so, determining the telephone number as the number to be detected.
The advantage of this is that each number to be detected is evaluated in multiple dimensions, which ensures the accuracy of the determination of the numbers to be detected.
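The three screening checks described for step 220, as an added Python example that is not code from the patent. The record layout, the area label AREA-X, the sample numbers and the reading of the abnormal-data check as "distinct callee home locations within 8 days" are assumptions made for illustration; `require_all` switches between the combined embodiment and the single-criterion embodiments.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Ticket:
    """One call ticket row (assumed layout, reduced to the fields used here)."""
    caller: str
    callee: str
    day: date
    callee_home: str   # home location of the called party
    caller_area: str   # area the caller was in (home or roaming city)


@dataclass(frozen=True)
class ScreeningPolicy:
    min_open_days: int = 90        # "3 months" in the description's example
    max_open_days: int = 365       # "1 year"
    danger_areas: frozenset = frozenset({"AREA-X"})  # placeholder label
    window_days: int = 8           # 8 consecutive days
    max_callee_homes: int = 8      # preset number in the description's example


AS_OF = date(2022, 3, 1)  # constructed evaluation date


def build_sample():
    """Constructed sample data (not real call records)."""
    tickets = []
    for i in range(20):   # 1000001: 20 distinct callee home locations in 8 days
        tickets.append(Ticket("1000001", f"2{i:06d}",
                              AS_OF - timedelta(days=i % 8), f"CITY-{i:02d}", "AREA-X"))
    for i in range(6):    # 1000002: long-standing account, 3 callee home locations
        tickets.append(Ticket("1000002", f"3{i % 3:06d}",
                              AS_OF - timedelta(days=i), f"CITY-{i % 3:02d}", "AREA-A"))
    for i in range(4):    # 1000003: recent account in a danger area, normal calls
        tickets.append(Ticket("1000003", f"4{i:06d}",
                              AS_OF - timedelta(days=i), f"CITY-{i % 2:02d}", "AREA-X"))
    subscribers = {       # number -> (account opening date, home area)
        "1000001": (AS_OF - timedelta(days=180), "AREA-A"),
        "1000002": (AS_OF - timedelta(days=1800), "AREA-A"),
        "1000003": (AS_OF - timedelta(days=120), "AREA-X"),
    }
    return tickets, subscribers


def evaluate(tickets, subscribers, as_of, policy):
    """Return {number: {check name: bool}} for the three screening checks."""
    window_start = as_of - timedelta(days=policy.window_days - 1)
    homes = defaultdict(set)   # distinct callee home locations inside the window
    areas = defaultdict(set)   # areas associated with each number
    for t in tickets:
        areas[t.caller].add(t.caller_area)
        if window_start <= t.day <= as_of:
            homes[t.caller].add(t.callee_home)
    results = {}
    for number, (opened, home_area) in subscribers.items():
        age_days = (as_of - opened).days
        associated = areas[number] | {home_area}
        results[number] = {
            "open_duration": policy.min_open_days <= age_days <= policy.max_open_days,
            "danger_area": bool(associated & policy.danger_areas),
            "abnormal_calls": len(homes[number]) > policy.max_callee_homes,
        }
    return results


def candidates(results, require_all=True):
    """Numbers to be detected: all three checks must hold, or any one of them."""
    combine = all if require_all else any
    return sorted(n for n, checks in results.items() if combine(checks.values()))


if __name__ == "__main__":
    tickets, subscribers = build_sample()
    results = evaluate(tickets, subscribers, AS_OF, ScreeningPolicy())
    print("all three checks:", candidates(results))
    print("any single check:", candidates(results, require_all=False))
```
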
Step 230, determining a fraud-related number from the plurality of numbers to be tested according to the pre-obtained data characteristics corresponding to the plurality of known fraud-related numbers and the data characteristics corresponding to each of the numbers to be tested.
Step 240, outputting the fraud-related number to an early-warning platform so that the early-warning platform can give an early warning to the fraud-related number.
The technical scheme of the embodiment of the invention receives the call ticket data corresponding to the target service domain, determines a plurality of numbers to be detected in the call ticket data according to the account opening duration, the associated geographic area and the abnormal call data corresponding to each telephone number in the call ticket data, determines the fraud-related numbers among the numbers to be detected according to the pre-acquired data characteristics corresponding to a plurality of known fraud-related numbers and the data characteristics corresponding to each number to be detected, and outputs the fraud-related numbers to the early-warning platform so that the early-warning platform can issue early warnings for them. In this way the detection efficiency of fraud-related numbers can be improved and the security of the telecommunication process is ensured.
Example three
This embodiment is a further refinement of the above embodiment; terms that are the same as or correspond to those of the above embodiment are not explained again here. Fig. 3a is a flowchart of a method for detecting a fraud-related number provided in the third embodiment. The technical solution of the third embodiment may be combined with one or more methods in the solutions of the foregoing embodiments. As shown in fig. 3a, the method provided in the third embodiment may further include:
Step 310, receiving call ticket data corresponding to the target service domain.
Step 320, determining a plurality of numbers to be tested in the call bill data according to the account opening duration corresponding to each telephone number in the call bill data, the associated geographical area and the abnormal call data.
Step 330, obtaining a pre-trained fraud-related number detection model, wherein the fraud-related number detection model is obtained by training data characteristics of a plurality of known fraud-related numbers.
In this embodiment, before the call ticket data is received, communication records of a plurality of known fraud-related numbers may be obtained and analyzed to obtain the data characteristics of the known fraud-related numbers. These data characteristics are used as training samples, and a preset machine algorithm model is then trained with the training samples to obtain a fraud-related number detection model. Specifically, the machine algorithm model may be constructed based on the Light Gradient Boosting Machine (LightGBM) algorithm framework.
In an implementation manner of the embodiment of the present invention, before acquiring the pre-trained fraud-related number detection model, the method further includes: comparing the data characteristics of each known fraud-related number with the data characteristics of a normal number; screening target data characteristics from the data characteristics of the known fraud-related numbers according to the comparison result; the target data characteristic is used for distinguishing a fraud-related number from a normal number; and performing iterative training on a preset machine algorithm model by using target data characteristics corresponding to a plurality of known fraud-related numbers to obtain the fraud-related number detection model.
In this embodiment, after communication records of a plurality of known fraud-related numbers are acquired, the communication records are analyzed to obtain a plurality of data characteristics. However, only some of the data features directly affect the detection effect of the model. Therefore, in order to improve the accuracy of the model detection result and avoid the influence of redundant features on the detection result, the target data features that really influence the detection effect can be screened from all the data features.
In a specific embodiment, after parsing the communication record, 33 data characteristics can be obtained, as shown in table 1.
TABLE 1 (the table of the 33 data characteristics is an image in the original publication and is not reproduced here)
After the 33 data features are obtained, each data feature may be compared with the data feature of the normal number, and the target data feature may be determined according to the comparison result. Specifically, a violin graph corresponding to each data feature can be generated, and data distribution of the same data feature in the known fraud number communication records and data distribution in the normal number communication records can be recorded in the violin graph.
In a specific embodiment, assuming that the data characteristic is the ratio of the maximum number of contacts in the day to the total number, a violin chart generated according to the data characteristic may be as shown in fig. 3b. In fig. 3b, the ratio of the maximum number of contacts in the day to the total number for known fraud-related numbers is typically less than 0.2, which is the opposite of the data distribution of normal numbers, so the ratio of the maximum number of contacts in the day to the total number can be determined as a target data characteristic.
In another specific embodiment, assuming that the data characteristic is the number of attributions of the opposite terminal on average each day for 8 days, a violin chart generated according to the data characteristic may be as shown in fig. 3 c. As can be seen from fig. 3c, the distributions of the positive and negative samples on this feature have significant differences, so that the number of attributions of the opposite end of each day can be determined as the target data feature.
In another specific embodiment, assuming that the data feature is the number of the historical 7-day calling numbers, a violin chart generated according to the data feature may be as shown in fig. 3 d. From fig. 3d, it can be known that the distributions of the positive and negative samples on this feature have obvious differences, so that the number of the calling numbers in the historical 7 days can be determined as the target data feature.
In another specific embodiment, fig. 3e illustrates, for the known fraud-related numbers, the distribution of the average calling duration on the current day in relation to the average calling duration over the historical 7 days; fig. 3f shows the same distribution for normal numbers. As can be seen from fig. 3e and fig. 3f, the average calling duration of the known fraud-related numbers is generally very low, and for most fraud-related numbers the average calling duration on the current day is greater than the average calling duration over the historical 7 days, with a large difference; by contrast, the average calling durations of normal numbers are relatively dispersed and the difference is relatively small. Therefore, the average calling duration on the current day and the average calling duration over the historical 7 days can be determined as target data features.
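A numerical counterpart to the violin-chart comparison described above, as an added Python example that is not code from the patent. It computes the "ratio of the maximum number of contacts in the day to the total number" for constructed fraud-related and normal samples and keeps a feature only when the two distributions differ; the two-sample Kolmogorov-Smirnov statistic, the 0.5 cut-off, the `control` feature and all function names are assumptions standing in for the visual comparison.

```python
from bisect import bisect_right
from collections import Counter


def max_contact_ratio(callees):
    """Share of the day's calls that went to the single most-contacted number."""
    if not callees:
        return 0.0
    return max(Counter(callees).values()) / len(callees)


def ks_statistic(a, b):
    """Largest gap between the empirical CDFs of two samples (0 = same, 1 = disjoint)."""
    a, b = sorted(a), sorted(b)
    gap = 0.0
    for x in sorted(set(a) | set(b)):
        cdf_a = bisect_right(a, x) / len(a)
        cdf_b = bisect_right(b, x) / len(b)
        gap = max(gap, abs(cdf_a - cdf_b))
    return gap


def share_below(values, cutoff):
    """Fraction of values strictly below the cutoff (0.2 in the fig. 3b discussion)."""
    return sum(v < cutoff for v in values) / len(values)


def build_rows():
    """Constructed feature rows (not real data): 10 fraud-related and 10 normal numbers."""
    fraud, normal = [], []
    for k in range(10):
        # Fraud-like day: many different callees, at most one of them called twice.
        callees = [f"f{k}-{i}" for i in range(10 + k)] + [f"f{k}-0"]
        fraud.append({"max_contact_ratio": max_contact_ratio(callees),
                      "control": k % 5})          # control: same spread in both classes
        # Normal day: a few contacts, one of them called repeatedly.
        callees = ["family"] * (3 + k % 3) + ["work", "friend"]
        normal.append({"max_contact_ratio": max_contact_ratio(callees),
                       "control": (k + 2) % 5})
    return fraud, normal


def screen_features(fraud_rows, normal_rows, min_gap=0.5):
    """Keep the features whose fraud/normal distributions differ by at least min_gap."""
    kept = {}
    for name in fraud_rows[0]:
        gap = ks_statistic([r[name] for r in fraud_rows],
                           [r[name] for r in normal_rows])
        if gap >= min_gap:
            kept[name] = gap
    return kept


if __name__ == "__main__":
    fraud, normal = build_rows()
    ratios = [r["max_contact_ratio"] for r in fraud]
    print("fraud-related share below 0.2:", share_below(ratios, 0.2))
    print("target features:", screen_features(fraud, normal))
```
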
In a specific embodiment, after the data characteristics are compared by the above method, the following are determined as target data characteristics: the ratio of the number of calls in the current day; the number of called calls in the current day; the number of removed calls in lac_ci in the current day; the maximum number of calls in a single number in the current day; the number of calls in the current day; the longest time of calls in the current day; the average time of calls in the current day; the ratio of the maximum number of contacts in the current day to the total number of calls in the current day; the average time of calls in the current day; the average value of the total time of calls in the current day and the current day; the ratio of the first call when the current opposite terminal establishes contact in the current day and the current opposite terminal in the current day; the number of days with a call list in 8 days; the time of opening a call; the number of the opposite terminal attribution the current day in 8 days; the lac_ci removed numbers in the current day; the number of single contact in the current opposite terminal in 8 days; the number of the opposite terminal in the current day; the number of the current terminal; the number of the opposite terminal; the average number of the attributions of the opposite terminals every day in 8 days; and the average number of contact days of each number in 8 days. A preset machine algorithm model is then iteratively trained using the target data characteristics to obtain a fraud-related number detection model.
In an implementation manner of the embodiment of the present invention, performing iterative training on a preset machine algorithm model by using target data features corresponding to a plurality of known fraud-related numbers to obtain the fraud-related number detection model, including: generating a data characteristic set according to target data characteristics corresponding to a plurality of known fraud-related numbers, and dividing the data characteristic set into a training data set and a test data set; and performing iterative training on a preset machine algorithm model by sequentially using the training data set and the test data set to obtain the fraud-related number detection model.
Step 340, inputting each number to be detected and the ticket information corresponding to each number to be detected into the fraud-related number detection model, and determining a fraud-related number from a plurality of numbers to be detected by the fraud-related number detection model.
In this embodiment, after each number to be detected and the corresponding ticket information are input to the fraud-related number detection model, the fraud-related number detection model may analyze the ticket information to obtain the data characteristics of the number to be detected, and then determine the fraud-related number according to the data characteristics.
Step 350, outputting the fraud-related number to an early-warning platform so that the early-warning platform can give an early warning for the fraud-related number.
According to the technical scheme of this embodiment of the invention, call ticket data corresponding to the target service domain is received; a plurality of numbers to be detected are determined in the call ticket data according to the account opening duration, the associated geographic area and the abnormal call data corresponding to each telephone number; the pre-trained fraud-related number detection model is acquired; each number to be detected and its corresponding call ticket information are input into the model, which determines the fraud-related numbers among the numbers to be detected; and the fraud-related numbers are output to the early-warning platform so that the platform can give an early warning for them. These technical means improve the detection efficiency for fraud-related numbers and ensure the safety of the telecommunication process.
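The pre-screening rule and a few of the caller-side features described in this embodiment, as an added Python illustration that is not part of the patent. The record layout, the thresholds, the area labels and the definition of "abnormal call data" (a current-day outgoing call count at or above a preset value) are assumptions, and all records are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean

TODAY = date(2022, 3, 1)  # constructed "current day"


def _cdr(caller, callee, days_ago, seconds, lac_ci):
    """Build one constructed call ticket (CDR) record."""
    return {"caller": caller, "callee": callee,
            "day": TODAY - timedelta(days=days_ago),
            "seconds": seconds, "lac_ci": lac_ci}


# Constructed call ticket data for three numbers.
CDRS = (
    # "A": many short calls today to distinct callees from several cells
    [_cdr("A", f"x{i}", 0, 20 + i, f"1001_{i % 3}") for i in range(12)]
    + [_cdr("A", "x0", 3, 8, "1001_0")]
    # "B": a few long calls spread over the week from one cell
    + [_cdr("B", "y1", d, 180, "2002_1") for d in (0, 1, 2, 4, 6)]
    # "C": quiet number
    + [_cdr("C", "z1", 0, 60, "1001_0"), _cdr("C", "z1", 2, 65, "1001_0")]
)

# Constructed subscriber data: days since account opening, associated areas.
ACCOUNTS = {
    "A": {"open_days": 5, "areas": {"area-1", "area-9"}},
    "B": {"open_days": 900, "areas": {"area-1"}},
    "C": {"open_days": 10, "areas": {"area-9"}},
}

# Assumed presets; the patent leaves the concrete values open.
OPEN_DAYS_INTERVAL = (0, 30)   # "preset interval" for account opening duration
RISK_AREAS = {"area-9"}        # "target dangerous area"
ABNORMAL_CALLS_PER_DAY = 10    # assumed meaning of "abnormal call data"


def extract_features(cdrs, number, today=TODAY):
    """Caller-side features over the 8-day window (today plus historical 7 days)."""
    start = today - timedelta(days=7)
    mine = [r for r in cdrs if r["caller"] == number and start <= r["day"] <= today]
    cur = [r for r in mine if r["day"] == today]
    hist = [r for r in mine if r["day"] < today]
    per_callee = defaultdict(int)
    for r in cur:
        per_callee[r["callee"]] += 1
    return {
        "calls_today": len(cur),
        "avg_caller_seconds_today": mean(r["seconds"] for r in cur) if cur else 0.0,
        "avg_caller_seconds_hist7": mean(r["seconds"] for r in hist) if hist else 0.0,
        "distinct_lac_ci_today": len({r["lac_ci"] for r in cur}),
        "max_calls_single_number_today": max(per_callee.values(), default=0),
        "active_days_in_8": len({r["day"] for r in mine}),
    }


def is_candidate(number, accounts, feats):
    """All three pre-screening conditions must hold for a number to be detected."""
    acct = accounts[number]
    lo, hi = OPEN_DAYS_INTERVAL
    return (lo <= acct["open_days"] <= hi
            and bool(acct["areas"] & RISK_AREAS)
            and feats["calls_today"] >= ABNORMAL_CALLS_PER_DAY)


def numbers_to_be_detected(cdrs, accounts):
    """Return {number: features} for the numbers that pass pre-screening."""
    selected = {}
    for number in sorted(accounts):
        feats = extract_features(cdrs, number)
        if is_candidate(number, accounts, feats):
            selected[number] = feats
    return selected


if __name__ == "__main__":
    for number, feats in numbers_to_be_detected(CDRS, ACCOUNTS).items():
        print(number, feats)
```

Only the feature dictionaries of the pre-screened numbers would be passed on to the trained detection model; the model itself is outside this example.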
Example four
Fig. 4 is a schematic structural diagram of an apparatus for detecting a fraud-related number according to a fourth embodiment of the present invention. As shown in Fig. 4, the apparatus includes: a data receiving module 410, a number detecting module 420 and a number outputting module 430.
The data receiving module 410 is configured to receive ticket data corresponding to a target service domain, and determine multiple numbers to be detected in the ticket data;
the number detection module 420 is configured to determine a fraud-related number from a plurality of numbers to be detected according to pre-acquired data characteristics corresponding to a plurality of known fraud-related numbers and data characteristics corresponding to each of the numbers to be detected;
the number output module 430 is configured to output the fraud-related number to an early-warning platform, so that the early-warning platform performs early warning on the fraud-related number.
According to the technical scheme provided by this embodiment of the invention, call ticket data corresponding to the target service domain is received, a plurality of numbers to be detected are determined in the call ticket data, the fraud-related numbers are determined among the numbers to be detected according to the pre-acquired data characteristics corresponding to a plurality of known fraud-related numbers and the data characteristics corresponding to each number to be detected, and the fraud-related numbers are output to the early-warning platform so that the platform can give an early warning for them. These technical means detect fraud-related numbers accurately and quickly: on the one hand, the service quality and brand value of an operator can be improved; on the other hand, the property loss suffered by users in the telecommunication process can be effectively reduced.
On the basis of the above embodiment, the data receiving module 410 includes:
the number determination unit to be detected is used for determining a plurality of numbers to be detected in the call bill data according to the account opening duration corresponding to each telephone number in the call bill data, the associated geographic area and the abnormal call data;
the phone number judging unit is used for judging whether the account opening duration corresponding to each phone number in the call ticket data is within a preset interval, whether the associated geographic area comprises a target dangerous area or not and whether the call data comprises abnormal data or not;
and the number processing unit is used for determining the telephone number as the number to be detected when the account opening duration corresponding to the telephone number is within a preset interval, the associated geographic area comprises a target dangerous area, and the call data comprises abnormal data.
The number detection module 420 includes:
the model acquisition unit is used for acquiring a pre-trained fraud-related number detection model, which is obtained by training on data characteristics of a plurality of known fraud-related numbers;
and the data input unit is used for inputting the numbers to be detected and the ticket information corresponding to the numbers to be detected into the fraud-related number detection model, and determining the fraud-related number in the numbers to be detected by the fraud-related number detection model.
The detection device for the fraud-related number further comprises:
the characteristic comparison module is used for comparing the data characteristics of the known fraud-related numbers with the data characteristics of normal numbers;
the characteristic screening module is used for screening target data characteristics from the data characteristics of the known fraud-related numbers according to the comparison result; the target data characteristic is used for distinguishing a fraud-related number from a normal number;
the model training module is used for carrying out iterative training on a preset machine algorithm model by using target data characteristics corresponding to a plurality of known fraud-related numbers to obtain the fraud-related number detection model;
wherein, the model training module includes:
the data set dividing unit is used for generating a data feature set according to target data features corresponding to a plurality of known fraud-related numbers and dividing the data feature set into a training data set and a testing data set;
and the iterative training unit is used for performing iterative training on a preset machine algorithm model by sequentially using the training data set and the test data set to obtain the fraud-related number detection model.
The device can execute the methods provided by all the embodiments of the invention, and has corresponding functional modules and beneficial effects for executing the methods. For technical details which are not described in detail in the embodiments of the present invention, reference may be made to the methods provided in all the aforementioned embodiments of the present invention.
Example five
FIG. 5 illustrates a schematic diagram of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 5, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a Read Only Memory (ROM)12, a Random Access Memory (RAM)13, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 11 can perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM)12 or the computer program loaded from a storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data necessary for the operation of the electronic apparatus 10 can also be stored. The processor 11, the ROM 12, and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
A number of components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, or the like; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, or the like. The processor 11 performs the various methods and processes described above, such as a detection method of a fraud-related number.
In some embodiments, the detection method of a fraud-related number may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the above-described detection method of a fraud-related number may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the method of detecting a fraud-related number by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package, partly on a machine and partly on a remote machine, or entirely on a remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method of detecting a fraud-related number, the method comprising:
receiving ticket data corresponding to a target service domain, and determining a plurality of numbers to be tested in the ticket data;
determining a fraud-related number in a plurality of numbers to be tested according to the pre-acquired data characteristics corresponding to a plurality of known fraud-related numbers and the data characteristics corresponding to each number to be tested;
and outputting the fraud-related number to an early-warning platform so that the early-warning platform can carry out early warning on the fraud-related number.
2. The method of claim 1, wherein determining a plurality of numbers to be tested in the call ticket data comprises:
and determining a plurality of numbers to be tested in the call bill data according to the account opening duration corresponding to each telephone number, the associated geographical area and the abnormal call data in the call bill data.
3. The method of claim 2, wherein determining a plurality of numbers to be tested in the call ticket data according to the account opening duration, the associated geographical area and the call data corresponding to each phone number in the call ticket data comprises:
judging whether the account opening duration corresponding to each telephone number in the call bill data is within a preset interval, whether a target dangerous area is included in an associated geographical area, and whether abnormal data is included in the call data;
and if so, determining the telephone number as the number to be detected.
4. The method as claimed in claim 1, wherein the determining a fraud-related number among a plurality of numbers to be tested according to the pre-obtained data characteristics corresponding to a plurality of known fraud-related numbers and the data characteristics corresponding to each of said numbers to be tested comprises:
obtaining a pre-trained fraud-related number detection model, wherein the fraud-related number detection model is obtained by training data characteristics of a plurality of known fraud-related numbers;
and inputting the numbers to be detected and the call bill information corresponding to the numbers to be detected into the fraud-related number detection model, and determining the fraud-related number in a plurality of numbers to be detected by the fraud-related number detection model.
5. The method as recited in claim 4, further comprising, prior to acquiring a pre-trained fraud-related number detection model:
comparing the data characteristics of each known fraud-related number with the data characteristics of a normal number;
screening target data characteristics from the data characteristics of the known fraud-related numbers according to the comparison result; the target data characteristic is used for distinguishing a fraud-related number from a normal number;
and performing iterative training on a preset machine algorithm model by using target data characteristics corresponding to a plurality of known fraud-related numbers to obtain the fraud-related number detection model.
6. The method as claimed in claim 5, wherein the iteratively training a preset machine algorithm model using target data features corresponding to a plurality of known fraud-related numbers to obtain the fraud-related number detection model comprises:
generating a data characteristic set according to target data characteristics corresponding to a plurality of known fraud-related numbers, and dividing the data characteristic set into a training data set and a test data set;
and performing iterative training on a preset machine algorithm model by sequentially using the training data set and the test data set to obtain the fraud-related number detection model.
7. An apparatus for detecting a fraud-related number, the apparatus comprising:
the data receiving module is used for receiving call ticket data corresponding to a target service domain and determining a plurality of numbers to be detected in the call ticket data;
the number detection module is used for determining a fraud-related number in a plurality of numbers to be detected according to the data characteristics corresponding to a plurality of known fraud-related numbers acquired in advance and the data characteristics corresponding to each number to be detected;
and the number output module is used for outputting the fraud-related number to an early warning platform so that the early warning platform can carry out early warning on the fraud-related number.
8. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor, the computer program being executed by the at least one processor to enable the at least one processor to perform the method of detecting a fraud-related number of any of claims 1-6.
9. A computer-readable storage medium, characterized in that it stores computer instructions for causing a processor to implement, when executed, a method for detecting a fraud-related number of any of claims 1-6.
10. A computer program product, characterized in that it comprises a computer program which, when being executed by a processor, implements a method of detecting a fraud-related number according to any one of claims 1-6.
CN202210193508.2A 2022-03-01 2022-03-01 Detection method, device, equipment and storage medium for fraud-related numbers Pending CN114567698A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210193508.2A CN114567698A (en) 2022-03-01 2022-03-01 Detection method, device, equipment and storage medium for fraud-related numbers

Publications (1)

Publication Number Publication Date
CN114567698A true CN114567698A (en) 2022-05-31

Family

ID=81716410

Country Status (1)

Country Link
CN (1) CN114567698A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination